Probability assessment failures

We can demonstrate the notions of risk and risk assessment using Figure 1.18. For a given probability of failure occurrence and severity of consequence, it is possible to map the general relationship of risk and what this means in terms of the action required to eliminate the risk. 

In this study detailed fault trees with probability and failure rate calculations were generated for the events (1) Fatality due to Explosion, Fire, Toxic Release or Asphyxiation at the Process Development Unit (PDU) Coal Gasification Process and (2) Loss of Availability of the PDU. The fault trees for the PDU were synthesized by Design Sciences, Inc., and then subjected to multiple reviews by Combustion Engineering. The steps involved in hazard identification and evaluation, fault tree generation, probability assessment, and design alteration are presented in the main body of this report. The fault trees, cut sets, failure rate data and unavailability calculations are included as attachments to this report. Although both safety and reliability trees have been constructed for the PDU, the verification and analysis of these trees were not completed as a result of the curtailment of the demonstration plant project. Certain items not completed for the PDU risk and reliability assessment are listed. 

FMEA is a quantitative risk analysis for complex systems (Fig. 6). As this approach involves assessment of occurrence probabilities, detection of failures, and judgment as to the severity of a failure, it should only be chosen if some practical experience with the technical system is available. Each of the three values will be assigned a number from 1 to 5. Multiplying these values results in the risk priority number. This number indicates the priority of the assessed failure. The pure version of the FMEA is seldom practiced in the pharmaceutical industry. 

The cooling failure scenario presented above uses the temperature scale for the assessment of severity and the time-scale for the probability assessment. Starting from the process temperature (TP), in the case of a failure, the temperature first increases to the maximum temperature of the synthesis reaction (MTSR). At this point, a check must be made to see if a further increase due to secondary reactions could occur. For this purpose, the concept of TMRad is very useful. Since TMRad is a function of temperature (see Section 2.5.5) it may also be represented on the temperature scale. For this, we can consider the variation of TMRad with temperature and look for the temperature at which TMRad reaches a certain value (Figure 3.4), for example, 24 hours or 8 hours, which are the levels in the assessment criteria presented in Sections 3.3.2 and 3.3.3. 

The calculations in sections 13.3 and 13.5 are based on avoidance of the shaft critical speed or sudden failure due to jamming. This section allows the basic designs in those sections to be assessed for the probability of failure due to fatigue. This is expressed in terms of a factor of safety for fatigue, Ff. 

There are four SIL numbers from 1 to 4 expressing the range of probability of failure on danand. For category 1 (dryers) the overall protection systan S1L3 is assigned, i.e., the probability of failure on demand is from 10 to 10 Vyear. These are basic guidelines to the risk assessment and selection of particular protective devices. 

It is very clear from the complexity of the situations described in the case studies of the last two chapters, that simple factors of safety, load factors, partial factors or even notional probabilities of failure can cover only a small part of a total description of the safety of a structure. In this chapter we will try to draw some general conclusions from the incidents described as well as others not discussed in any detail in this book. The conclusions will be based upon the general classification of types of failure presented in Section 7.2. Subjective assessments of the truth and importance of the checklist of parameter statements within that classification are analysed using a simple numerical scale and also using fuzzy set theory. This leads us on to a tentative method for the analysis of the safety of a structure yet to be built. The method,however, has several disadvantages which can be overcome by the use of a model based on fuzzy logic. At the end of the chapte(, the discussion of the various possible measures of uncertainty is completed. 

Time-dependent assessment. This allows for assessing the probability of failure as a function of time and for representing basic events which have a variable probability rate [see NASA Fault Tree Handbook, paragraph 7.7]. 

Note A piece-part FMEA is often only effectively conducted by the design authority of the part being considered. For the purposes of supporting a 2X.1309 System Safety Assessment, the piece-part FMEA is thus seldom applied above System Level 3 and is only conducted(ARP4761 para G.3.2.2) when necessary (eg, when the more conservative results of a functional FMEA will not meet the ETA probability of failure budget). 

Several methods relating to hazards analysis and risk assessment exist. They are generally divided into qualitative and quantitative (lEC 61508 lEC 61511). The choice of specific method depends on accident scenario being considered and available data. When a risk evaluated for scenario considered is high, it is necessary to reduce it to an acceptable level using protection layers, each of specified reliability, expressed often as the probability of failure on demand (PFD) (LOPA 2001). 

Because of the variation in assessment factors and their uncertainty (lightning characteristics, attachment locations, damage models, etc.), a probabilistic or statistical approach can be used to express a relationship for the probability of failure of a critical chemical equipment item. For a single equipment item, this relationship can be expressed as ... 

Acceptable risk is strongly related with the acceptable probability of failure and the acceptable amount of losses. There is general agreement in the literature and in regulatory circles that risk should at least be judged from two points of view in relation to inundation consequences. The first point of view concerns the risk assessment by society on a national level which relates to the number of casualties due to a certain hazardous event. Risk is defined as the relation between frequency and the number of people suffering from a specified level of harm in a given population from the realisation of specified hazards . If the specified level of harm is limited to loss of life, the societal risk may be modelled by the frequency of exceedance curve of the niunber of deaths, FN-curve. Secondly, the... 

One of the most important safety related systems is reactor trip system (RTS). RTS malfunction probability assessment is based on knowledge of malfimction its components and on reliability analysis of its functions. Solution of this task is described in (Fuchs et al. 2007). Input parameters of this task are component failures data (see table 1) and output parameters are malfunction probabilities of RTS functions, see Table 2. 

In principle, the probability of simultaneous failure for a set of software components can be assessed through statistical testing. However, due to the typically low probabilities of failure (particularly when we consider simultaneous failures) the number of tests required to obtain adequate confidence usually becomes very high. An alternative approach is therefore to complement testing with available prior informationregarding the software components, so that sufficient confidence can be obtained with a practicable achievable amount of testing. 

Theoretical probabilistic safety assessment relies on identifying the structure parameters and the physical model which governs the failure (Elegbede 2005). This physical model is generally described by a function named limit state function in structural reliability theory (Madsen et al. 2006). Since the physical parameters of the structures are generally covered with uncertainties, there are generally modeled by random variables. Thus, to assess failure probability of... 

A quantitative target for measuring the level of performance needed for safety function to achieve a tolerable risk for a process hazard. It is a measure of safety system performance, in terms of the probability of failure on demand. There are four discreet integrity levels, SIL 1-4. The higher the SIL level, the higher the associated safety level and the lower the probability that a system will fail to perform properly. Defining a target SIL level for a process should be based on the assessment of the likelihood that an incident will occur and the consequences of the incident. Table S.2 describes SIL for different modes of operation. 

Actually, on the potential failure surface, the physical and mechanical parameters such as strength parameters c and (jf in equation 1 may not be constants but be random variables. Thus, a deterministic theory cannot be used to assess the stability of such slopes. The stability of such slopes can be evaluated on the basis of probability of failure or reliability index of the stochastic theory. 

Quantitative analysis of individual equipment items is the most detailed level of assessment and is directed at the highest risk items. It is fully quantitative and usually requires multidisciplinary expert input. The probability of failure... 

Assessment procedures capable of giving an estimate of condition, probability of failure and serviceable lifetime while the plant is operating are based on calculation (Fig. 2.1). An inverse design (e.g. API RP-530) deterministic approach can be adopted, but this invariably produces conservative results. Thus, in line with the current trend for risk-based information, the more accurate approach is to deploy probabilistic techniques and a more rigorous... 

This chapter has illustrated that plant assessment technology tools can provide results, quantified in most cases in probability of failure versus time terms, that give the Inspection, Maintenance and Operations functions a basis on which to optimise the cost benefit of their decisions and actions, both prior to and during shutdown of the plant and which can be deployed within an integrated framework for through-life plant management. 

---